CVSS: 7.5EPSS: 1%CPEs: 109EXPL: 0CVE-2009-3292 – php: exif extension: Multiple missing sanity checks in EXIF file processing
https://notcve.org/view.php?id=CVE-2009-3292
Unspecified vulnerability in PHP before 5.2.11, and 5.3.x before 5.3.1, has unknown impact and attack vectors related to "missing sanity checks around exif processing." Vulnerabilidad sin especificar en PHP en versiones anteriores a la v5.2.11 tiene un impacto desconocido y vectores de ataque relacionados con un "missing sanity checks around exif processing." (comprobaciones de validez no encontradas del procesamiento exif.). • http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html http://marc.info/?l=bugtraq&m=127680701405735&w=2 http://marc.info/?l=bugtraq&m=130497311408250&w=2 http://news.php.net/php.announce/79 http://secunia.com/advisories/36791 http://secunia.com/advisories/37412 http://secunia.com/advisories/37482 http://secunia.com/advisories/40262 http://support.apple.com/kb/HT3937 http:/ •
CVSS: 7.5EPSS: 1%CPEs: 112EXPL: 0CVE-2009-3291 – php: openssl extension: Incorrect verification of SSL certificate with NUL in name
https://notcve.org/view.php?id=CVE-2009-3291
The php_openssl_apply_verification_policy function in PHP before 5.2.11 does not properly perform certificate validation, which has unknown impact and attack vectors, probably related to an ability to spoof certificates. La función php_openssl_apply_verification_policy de PHP en versiones anteriores a la v5.2.11 no realiza adecuadamente la validación de un certificado, lo que tiene un impacto y vectores de ataque desconocidos, probablemente relacionados con la posibilidad de suplantar certificados. • http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html http://marc.info/?l=bugtraq&m=127680701405735&w=2 http://marc.info/?l=bugtraq&m=130497311408250&w=2 http://secunia.com/advisories/36791 http://secunia.com/advisories/37482 http://secunia.com/advisories/40262 http://support.apple.com/kb/HT3937 http://www.debian.org/security/2009/dsa-1940 http://www.osvdb.org/58185 http:&# • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 1%CPEs: 109EXPL: 0CVE-2009-3293
https://notcve.org/view.php?id=CVE-2009-3293
Unspecified vulnerability in the imagecolortransparent function in PHP before 5.2.11 has unknown impact and attack vectors related to an incorrect "sanity check for the color index." Vulnerabilidad sin especificar en la función imagecolortransparent de PHP en versiones anteriores a la v5.2.11 tiene un impacto desconocido y vectores de ataque relacionados con un incorrecto "sanity check for the color index." (comprobación de validez de un índice de color.). • http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html http://marc.info/?l=bugtraq&m=127680701405735&w=2 http://marc.info/?l=bugtraq&m=130497311408250&w=2 http://secunia.com/advisories/36791 http://secunia.com/advisories/40262 http://support.apple.com/kb/HT3937 http://www.osvdb.org/58187 http://www.php.net/ChangeLog-5.php#5.2.11 http://www.php.net/releases/5_2_11&# •
CVSS: 5.8EPSS: 1%CPEs: 4EXPL: 1CVE-2009-2687 – php: exif_read_data crash on corrupted JPEG files
https://notcve.org/view.php?id=CVE-2009-2687
The exif_read_data function in the Exif module in PHP before 5.2.10 allows remote attackers to cause a denial of service (crash) via a malformed JPEG image with invalid offset fields, a different issue than CVE-2005-3353. La función exif_read_data en el módulo Exif en PHP anteriores v5.2.10 permite a atacantes remotos causar una denegación de servicio (caída) a través de una imagen JPEG mal formada con campos inválidos en offset, siendo un asunto diferente a CVE-2005-3353. • http://bugs.php.net/bug.php?id=48378 http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html http://marc.info/?l=bugtraq&m=127680701405735&w=2 http://osvdb.org/55222 http://secunia.com/advisories/35441 http://secunia.com/advisories/36462 http://secunia.com/advisories/37482 http://secunia.com/advisories/40262 http://www.debian.org/security/2009/dsa-1940 http://www.mandriva.com/security/advisories?name=MDVSA-2009:145 http://www.mandriva.com/security • CWE-20: Improper Input Validation •
CVSS: 2.6EPSS: 0%CPEs: 109EXPL: 0CVE-2008-5814 – php: XSS via PHP error messages
https://notcve.org/view.php?id=CVE-2008-5814
Cross-site scripting (XSS) vulnerability in PHP, possibly 5.2.7 and earlier, when display_errors is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: because of the lack of details, it is unclear whether this is related to CVE-2006-0208. Vulnerabilidad de Secuencias de Comandos en Sitios Cruzados (XSS) en PHP, posiblemente v5.2.7 y anteriores, cuando display_error está activada, permite a atacantes remotos inyectar secuencias de comandos Web o HTML a través de vectores no especificados. NOTA: debido a la falta de detalles, no está claro si esto está relacionado con CVE-2006-0208. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444 http://jvn.jp/en/jp/JVN50327700/index.html http://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000084.html http://marc.info/?l=bugtraq&m=124277349419254&w=2 http://secunia.com/advisories/34830 http://secunia.com/advisories/34933 http://secunia.com/advisories/35003 http://secunia.com/advisories/35007 http://secunia.com/advisories/35108 http://www.debian.org/security/2009/dsa-1789 http://www • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •